mkpub_part_e[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

mkpub_part_e.zip
Size

588KB
MD5

1b9dd8feb48e09588b80370d92aa774b
SHA1

7853149b661cdf1eebafea20fab4158df54a2fea
SHA256

03bb6d83847f932458d710be36fb26b981a8532b55c050fbff37a894a8f42655
SHA512

be980a9cd6325bc6fbfa1212b615a6a5c9512401656e480c2e0da238d662e322495cdef7afe278259f0e05cada814cdf2f65b6fb216633215f75fec9f90cf962
SSDEEP

12288:k5rKd8X4BXz8u9DWA1QYBPS7eWAB0yQt9ad6fag11np/RI0WM99JpWn:ArKqolzWeQoPS7/ABdQqcfa8C5Min

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/89e22c6f592ee5ddf95d0880ee9f1eb26fba95d9de4dbb0254da81dcbc914622.bin
unpack001/8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0.bin
unpack001/92c6fbfa7337508f9ffee25eb5e8e28265bf4639555e06c00441c8e85d79ccd7.bin
unpack001/99eab3f9cddb95ea6350d50ca7ecd94f704a2d19a2de3c95b558fc82967c0d96.bin
unpack001/a7c7f2f4d7bf22be938d8ba9ea07ae50a8bcca6ea6a061dfb121cb25d284636d.bin

Files

mkpub_part_e.zip
.zip

Password: infected
89e22c6f592ee5ddf95d0880ee9f1eb26fba95d9de4dbb0254da81dcbc914622.bin
.exe windows:5 windows x86

Password: infected

e9df9444a99e49eb51fccc88bae85d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputW
GetConsoleAliasesLengthW
GetConsoleAliasExesA
ReadConsoleA
GetNamedPipeHandleStateA
GetModuleHandleExW
GetComputerNameW
FreeEnvironmentStringsA
FindNextVolumeMountPointA
EnumTimeFormatsW
GetCommandLineA
GetDriveTypeA
GetEnvironmentStrings
FindResourceExA
GetConsoleCP
LoadLibraryW
GetLocaleInfoW
SwitchToFiber
DeleteVolumeMountPointW
InterlockedPopEntrySList
GetFileAttributesA
HeapQueryInformation
SetSystemPowerState
GetCompressedFileSizeA
MultiByteToWideChar
GetVolumePathNameA
GetStartupInfoW
DisconnectNamedPipe
FlushFileBuffers
GetShortPathNameA
SetDefaultCommConfigA
GetLastError
GetCurrentDirectoryW
SetLastError
PeekConsoleInputW
MoveFileW
RemoveDirectoryA
EnumSystemCodePagesW
SetComputerNameA
GetTempFileNameA
LoadLibraryA
LocalAlloc
SetCalendarInfoW
CreateHardLinkW
AddAtomW
OpenJobObjectW
FindAtomA
GetTapeParameters
GetModuleHandleA
FindNextFileW
GetStringTypeW
VirtualProtect
PurgeComm
QueryPerformanceFrequency
GetShortPathNameW
FindFirstVolumeA
GetWindowsDirectoryW
GetCurrentProcessId
AddConsoleAliasA
ReadConsoleOutputCharacterW
GetCommandLineW
GetConsoleAliasesW
GetVolumeNameForVolumeMountPointA
WideCharToMultiByte
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
DeleteFileA
HeapReAlloc
HeapSetInformation
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
IsProcessorFeaturePresent
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
Sleep
SetStdHandle
GetConsoleMode
RtlUnwind
HeapSize
WriteConsoleW
ReadFile
CloseHandle
CreateFileW

user32

CharUpperBuffA
CharUpperA

gdi32

GetCharWidthA
GetKerningPairsA

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0.bin
.exe windows:6 windows x86

Password: infected

d9015199fc550f4d12cfbd6fab74e595

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress
WaitForSingleObject
CloseHandle
ExitProcess
CreateProcessW
CopyFileW
Sleep
GlobalFree

shell32

SHGetFolderPathW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
92c6fbfa7337508f9ffee25eb5e8e28265bf4639555e06c00441c8e85d79ccd7.bin
.exe windows:5 windows x86

Password: infected

231ae748dbc4fa94aca4a2ab6a3f3a91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
LockResource
WaitForSingleObject
SizeofResource
FindResourceW
GetModuleHandleW
GetLastError
CreateMutexA
GetModuleHandleA
EnumTimeFormatsW
FreeConsole
LoadResource
MoveFileA
GetCommandLineA
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

RegDeleteKeyA

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ktqovk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
99eab3f9cddb95ea6350d50ca7ecd94f704a2d19a2de3c95b558fc82967c0d96.bin
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7c7f2f4d7bf22be938d8ba9ea07ae50a8bcca6ea6a061dfb121cb25d284636d.bin
.exe windows:4 windows x86

Password: infected

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e9df9444a99e49eb51fccc88bae85d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 303KB - Virtual size: 303KB

.data Size: 15KB - Virtual size: 30.3MB

.rsrc Size: 45KB - Virtual size: 45KB

Password: infected

d9015199fc550f4d12cfbd6fab74e595

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 96B

.reloc Size: 1024B - Virtual size: 556B

Password: infected

231ae748dbc4fa94aca4a2ab6a3f3a91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 47KB - Virtual size: 46KB

.reloc Size: 2KB - Virtual size: 2KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 456KB - Virtual size: 455KB

.ktqovk Size: 4KB - Virtual size: 4KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 29KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 14KB

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 303KB - Virtual size: 303KB

.data
Size: 15KB - Virtual size: 30.3MB

.rsrc
Size: 45KB - Virtual size: 45KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 96B

.reloc
Size: 1024B - Virtual size: 556B

.text
Size: 47KB - Virtual size: 46KB

.reloc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 456KB - Virtual size: 455KB

.ktqovk
Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB